Search form

Search

Digital Books and Your Rights: A Checklist for Readers

WHITEPAPER

February 16, 2010

Digital Books and Your Rights: A Checklist for Readers

February 2010

I. Introduction

After several years of false starts, the universe of digital books seems at last poised to expand dramatically. Readers should view this expansion with both excitement and wariness. Excitement because digital books could revolutionize reading, making more books more findable and more accessible to more people in more ways than ever before. Wariness because the various entities that will help make this digital book revolution possible may not always respect the rights and expectations that readers, authors, booksellers and librarians have built up, and defended, over generations of experience with physical books.

As new digital book tools and services roll out, we need to be able to evaluate not only the cool features they offer, but also whether they extend (or hamper) our rights and expectations.

The over-arching question: are digital books as good or better than physical books at protecting you and your rights as a reader?

Below we offer a checklist that can help guide your inquiry, as well as an extended explanation of why the answers to these questions matter. Not surprisingly, some of the issues overlap. For example, Digital Rights Management, or "DRM," matters not only because of the limits it places on users, but because of its impact on innovation and competition. Yet by separating out the various issues, we hope to spur a more rigorous consideration of the various digital book offerings.

Our goal is not to tell authors, publishers, vendors, libraries, or anyone else what strategies they must adopt, or tell book purchasers what options they must choose. We hope that a robust marketplace emerges, with various business models and technologies. Instead, this checklist represents the key questions that readers should ask of each new digital book product or service to evaluate whether it adequately protects their interests. That sort of rigorous inquiry will help us decide which digital book future we want — and how to vote with our feet until we get it.

III. EFF Digital Book Checklist: The Extended Version

The ability to read privately and anonymously is essential to freedom of expression, thought and inquiry. In the world of physical books, bookstores, libraries, and individuals have long fought against the chilling effect of someone, especially someone from the government, looking over your shoulder as you read. As Pulitzer Prize-winning author Michael Chabon stated when he joined EFF's efforts to insist that Google Books provide adequate protections for reader privacy:

If there is no privacy of thought — which includes implicitly the right to read what one wants, without the approval, consent or knowledge of others — then there is no privacy, period.1

Unfortunately, reader privacy has often been attacked. At the McCarthy hearings in the 1950s, people were questioned on whether they had read Marx and Lenin. They were asked whether their spouses or associates had books by or about Stalin and Lenin on their bookshelves.2 And these efforts did not end with the McCarthy era. Between 2001 and 2005, libraries were contacted by law enforcement seeking information on patrons at least 200 times.3

Physical books have many natural protections for reader anonymity. For example, you can:

browse through the stacks of your local library or bookstore without anyone tracking what you are looking at, what you pull off of the shelves as you browse or what pages you review;

walk into a store and buy a book with cash, thereby avoiding any record of your purchase;

hide a book under your bed so no one knows you're reading it;

throw a book away after reading it and no one will ever know you had it;

give a book to someone else without anyone knowing it;

read a key part of a book that you own or borrow from the library multiple times, or not at all, with no one knowing.

Digital book practices may threaten these traditional protections. Digital book providers have the potential to track, aggregate, analyze, and disclose reader activity to an extent far beyond anything possible with physical books. Both book download services (like the Kindle) and those like Google Book Search (where the user accesses a book stored on a server) can continue tracking during and after the initial transaction, as well as maintain records of every book purchased over the lifetime of the reader. That means digital book providers can collect data on what books you search for, what books you browse, what pages you view, and for how long — and they can keep that data for a very long time. Most of this tracking is something bookstores and libraries could never do short of hiring an agent to follow patrons around the stacks and then into their homes.

Just as readers may anonymously browse books in a library or bookstore, readers should be able to search, browse, and preview digital books without being forced to identify themselves. To see whether a digital book provider is limiting tracking, ask whether it:

Ensures that searching and browsing of books do not require user registration or the affirmative disclosure of any personal information;

Connects any information collected from an individual reader with any other information the digital provider may know about the same individual from other sources without specific, informed, opt-in consent. This is especially important for book providers like Google that have multiple services collecting other information about users;

Purges all logging or other information related to individual uses as soon as practicable, which in most instances should be no less than every 30 days. This purge should ensure that this information cannot be used to connect particular books viewed to particular computers or users;4 and

Where possible, allows you to use anonymity providers, such as Tor, proxy servers, and anonymous VPN providers, when interacting with the service.

Does it protect you against disclosure of your reading habits?

Readers should be able to read and purchase books without worrying that the government or a third party may be effectively reading over their shoulder. To ensure that any stored information linking readers to the books they view or purchase is not disclosed to the government or third parties without proper protections, ask whether the provider will:

Commit that it will not disclose information about you to government entities or others absent a warrant or court order unless required to do so by law;

Notify you prior to complying with any government or third party request for your information (unless forbidden to do so by law or court order), and provide you with sufficient time to seek court review of the request; and

Guarantee that it will not tell any business partners, or affiliates which books you purchased.

Does it give you control over the information it collects about you?

Readers of paper books can control information collected about them by, for example, buying books with cash. That freedom should not disappear as books go digital. Readers who want to assert some control over their own information should consider whether the provider will:

Allow you to delete your books and ensure that this deletion removes any record of the purchase;

Allow you to control what other local or remote computer users can see about your reading, possibly through the use of separate password-protected "bookshelves" or other technical means; and

Establish a method to allow private reading of purchased books and private giving of books, such as allowing you to anonymously transfer or "gift" purchases to someone else (including transfer to other accounts you control), with no record of the fact of the original purchase.

Does it tell you what it's doing with the information it collects and can you enforce its commitments to you?

A provider committed to ensuring both transparency and enforceability in the protection of reader privacy will do some or all of the following:

Provide a robust, easy-to-read notice of privacy provisions and policies;

Ensure that any commitments it makes to protect reader privacy are legally enforceable by readers;

Store all reader information exclusively in countries that have strong privacy protecting laws, especially as against demands for disclosure by law enforcement and private third parties;

Ensure that any watermarks or other marking technologies used do not contain identifying information about users in a format that third parties can read or decipher. Any watermarks with personally identifying information about users should be disclosed to users sufficiently to alert them to the existence of such marks and the type of information they include; and

Annually publish online, in a conspicuous and easily accessible area of its website, the type and number of information requests it receives from government entities or third parties.

In the physical world, it's relatively simple to know everything you need to about the consequences of searching, buying, selling, and reading. You buy a book — in cash if you like — take it home, read it at your leisure, put it on the shelf, pass it on, or throw it away. Although, if you buy the book with a credit card you don't always know what information booksellers are keeping, or for how long, for the most part it's a simple, transparent process.

Not so for digital books. Some electronic books come laden with DRM, as well as any number of other "features" that may or may not be disclosed. For example, in 2009 Kindle users were shocked to learn that their readers included a feature that let Amazon delete their books remotely.5

We've seen where loading unexpected features onto consumer products can lead. In 2005, music fans learned (as a result of the independent effort of computer researchers) that Sony BMG had included copy-protection software in millions of music CDs that could create serious security and privacy problems on personal computers. The software actually did much more than just preventing copying, including reporting customer listening habits. This all happened to customers without appropriate notice and consent.6

Readers of digital books have little reason to trust the private companies that sell them their books and devices, and they shouldn't have to. Readers need to know what they are getting, so that they can make good choices about what to buy and how to use their books.

What to look for:

How clear are the disclosures? Will they be updated, and if so, how?

Your vendor should tell you, in advance and in plain, prominent language, what the device or service will be doing and how it will be doing it, especially if it is interacting with your computer or other device or service. What's more, that disclosure should be an ongoing obligation; if practices change, your vendor must make sure you can find out about it (and opt for a different provider, if need be).

Does it let you or others investigate to confirm that the product, device or service is actually functioning as promised?

Many companies limit users' ability to tinker with the technology they buy, via contractual terms, technological measures, or legal threats against reverse engineering and security audits. Others have cracked down on customers who publish reports about bugs and security flaws. As with any other digital device, a provider should allow customers to test and tinker with their devices and services to ensure that the device is actually working in the way it was promised.

3. What happens to your additions to the book like annotations, highlights, and commentary? ^

Why it matters:

Readers are accustomed to annotating physical books in any number of ways. They make notes in the margin, "dog-ear" the pages, lard them up with sticky notes, cut out favorite images, and frame them, etc. When they are done, the original book may be significantly altered and possibly more valuable.7 At the same time, those notes — which can provide an important window into a reader's thoughts — need not be shared with others if the reader prefers to keep them private.

Unfortunately, annotations to books kept "in the cloud" may disappear. An e-book provider might decide it no longer wants to retain the information. Upgrades to the service may interfere with your ability to access old notes. And e-book providers may limit your ability to share your notes with others.

On the flip side, as long as a provider keeps information about you, that information could be subject to disclosure. That means you may not be able to control whether your notes are made available to law enforcement, your boss, or the general public.

What to look for:

Can you keep your additions?

Are annotations and additions kept "in the cloud" or locally where you can always have access to them?

Can you make a local backup of annotations in usable form (note that for some e-books readers like the Kindle that have unique pagination and similar differences from physical or other e-books, this would likely require a local backup of the book plus annotations)?

Purchasers of physical books always have the book and can lend or sell the book whenever and however they would like. They don't risk losing their book if they fail to pay an ongoing fee, violate the terms of a license agreement, or if the vendor simply decides not to continue the service. Their reading and use of the book is not — and without undue difficulty cannot be — monitored in the name of ensuring they stay within the terms of a license or for any other reason.

Ownership of books provides many protections like these. It protects readers from censorship, fosters secondary markets (i.e., used bookstores) that help protect us from price gouging, and helps less popular authors find new fans. It also ensures that your books stay yours: once you've purchased a book no one from the bookstore can come to your house later and demand the book back or hit a remote kill switch and do the same.

Perhaps most importantly, thanks to copyright's first sale doctrine, once you have lawfully obtained your copy, you are entitled to resell the book or give it away. This is what makes libraries, used bookstores, and giving books as gifts legal, all of which help authors as well as readers. Readers are more willing to shell out more for a new book if they know they fully control its use and can re-sell that book later. Further, the used book market helps support a continuing vibrant book culture by making books available to readers who cannot otherwise afford them. Finally, borrowing books from friends or receiving books as gifts are a crucial means by which readers discover unfamiliar authors — which leads them to buy those authors' next books.

Many readers expect that the same rules will apply to their e-book purchases. However, electronic books have often been treated as "licensed" content, subject to legal and technical restrictions (primarily, DRM) that block readers' ability to resell, lend, or gift an e-book. More ominously, last year Kindle readers realized that their provider (Amazon) could actually reach down into their devices and pull books from their virtual shelves.10

We expect to see many different models for accessing books to develop. But given the crucial benefits that ownership provides to readers and to the larger interests in privacy and freedom of expression, readers should not accept a world where all we can ever do is "rent" a book, subject to the whims of a digital "landlord."

What to look for:

Can you lend or resell?

One of the basic rights of ownership is the ability to lend, give away, or re-sell your property. Does your provider allow you to do that with books you buy? If so, how easy is it? DRM or other technological incompatibilities may inhibit your ability to transfer your book, so investigate these issues before you buy.

Is it locked down or do you have the freedom to move it to other readers, services or uses?

Another basic right of ownership is control — over both the products you buy and the devices you use. Find out if you can read your book on your laptop if that's more convenient. And, ask whether upgrades or other normal hardware adjustments might mean loss of your books.

Can the vendor take it away or edit it after you've purchased it?

Does the device allow a provider or anyone else to delete, delete access to, or alter the books on your device? If so, you bought it, but you don't really own it. A remote "delete" or "edit" switch for purchased books should not be built into e-book readers or other devices.

Censorship resistance is one of the key benefits of buying books (as opposed to merely renting them, for example). When you own a book, that means you have the power to access it, preserve it, share it, and, if need be, hide it. Those same abilities must be preserved for digital books, lest digital book services become automated censors beyond George Orwell and Ray Bradbury's wildest dreams. Indeed, as Farhad Manjoo has noted, if a provider can delete an entire book, it can doubtless delete portions of a book as well. What is worse, such deletions may not always be the provider's own choice:

If Apple or Amazon can decide to delete stuff you've bought, then surely a court — or, to channel Orwell, perhaps even a totalitarian regime — could force them to do the same. Like a lot of others, I've predicted the Kindle is the future of publishing. Now we know what the future of book banning looks like, too.11

What to look for:

How easy is it to remove or edit books once access or possession has been given to readers?

Every new technology for sharing information has been met with efforts by public and private entities to control and limit the information made available. Censorship-resistant devices and services can make that effort harder by eliminating features that allow information to be deleted.

Is there a single entity that stores all the books, as in Google Books or the Kindle, such that political or legal pressure on that place might result in a loss of the work for all readers?

By the same token, censorship-resistant devices and services will make sure information is dispersed, so there is no easy, central point of vulnerability.

Are the books stored in a location where censorship is historically a problem, such as China or Saudi Arabia, or in a place that is relatively free of censorship?

A provider that cares about protecting access to knowledge will make sure its servers are located in a country with speech-friendly laws.

Are the copyright or other laws applicable to the books balanced, giving readers the protection of doctrines like fair use or copyright exceptions and limitations?

Censorship can come in many forms — sometimes governments intervene to shut down speech, and sometimes copyright and trademark owners misuse their rights to do so (e.g., business tycoon Howard Hughes bought up newspaper and magazine copyrights in order to suppress access to interviews he gave).12 To limit such "private" censorship, try to get books from providers located in countries that recognize speech-protecting doctrines like fair use.

Early entrants in the digital books marketplace are already locking down their books with DRM, i.e., technologies that limit what you can do with the content you buy, usually in the name of reducing copyright infringement. Readers, authors, and publishers should take a hard look at the experience of DRM on digital music and reconsider the wisdom of this approach for digital books.

For readers, the lessons of DRM in digital music tell us that content restricted with DRM is less useful than content without DRM, and can even be dangerous. As discussed above, DRM schemes applied to music have opened up security vulnerabilities on computers and spied on listening habits. And, until its recent demise, DRM reduced consumer choice in music and music players. Apple's DRM scheme, for example, meant that purchases from Apple's iTunes Store would only play on Apple's own iPods.13

For authors and publishers, the lessons are equally plain. First, DRM will be no more effective at preventing unauthorized copying of books than it was for music.14 In an era of inexpensive cameras and optical character recognition (OCR) technologies, scanning books will just get cheaper and easier over time. Anything that can be read by humans can be photographed, OCR'ed, and uploaded — DRM will not change that. Second, DRM inevitably alienates at least some potential customers. Third, DRM will put the power in the hands of the technology companies that control the DRM standards, rather than authors and publishers, by locking customers and businesses into a proprietary platform.15 Author Cory Doctorow sums up the problem:

Imagine if, in addition to having control over what inventory they carry, [the big box stores] also carried your books in such a way that they could only be shelved on Walmart shelves, they could only be read in Walmart lamps, running Walmart light bulbs. Imagine the lock-in to your customers and the lack of control over your destiny that you have signed up with if this is the path you pursue. Well this is in fact what you get when you sell DRM'd ebooks or DRM'd music — in order to play back that DRM format, in order carry, manipulate or convert that DRM format, you have to license the DRM. The company that controls licensing for the DRM controls your business to the extent that your business is reliant on this.16

Some have argued that DRM is necessary for lending or leasing schemes. In fact, there is already "digital loan" software in wide use by public libraries that does not bother to impose any DRM on e-books, opting instead to automatically delete the books after the load period has expired.17 While users could defeat this by digging up and copying the underlying file, most users don't bother, just like most Netflix subscribers don't bother to copy the DVDs they rent, despite the ready availability of free software that can accomplish that goal.

Booksellers and publishers are still experimenting with digital book business models, and we support that experimentation. But authors and publishers should heed the lessons that the music industry learned the hard way — DRM is bad for business.

What to look for:

Is there DRM? If so, how does it limit your use of the book? Can you still lend, gift or resell the book? What features are enabled and which have been disabled?

DRM can come in many forms, some more pernicious than others. It's likely that vendors will experiment with different forms, which at least gives you an opportunity to vote with your wallets — just as music fans have.

Are you locked into a single reader technology or group of reader technologies, or can you choose any device you wish to read and otherwise use your book?

As noted, readers (not to mention authors and publishers) should be especially wary of DRM that locks them into a particular proprietary technology. Why would you want to give one company the ability to determine whether you'll be able to access a book you love?

Has the DRM been studied by independent researchers to confirm that it causes no security or other problems?

As discussed above, some forms of DRM give the vendor (or sometimes even a third party) a window into the customer's device. Your reading habits are nobody's business but your own, and selling you a book shouldn't become an excuse to monitor your activities.

Digital books have the potential to transform access to knowledge, in the U.S. and abroad. With physical books, access to books can be impeded by three barriers: archiving (physical books are expensive to preserve); indexing/search (even where catalogues are available online, searching for relevant books on a given topic can be difficult, and many books are not yet indexed); and obtaining books (once you find a book you think you want, you may need to buy it, borrow it or, if you have access to a library with the right relationships, attempt to order it via interlibrary loan). These barriers have traditionally hampered access to paper books; in areas without resources or first-class libraries, access to books can be well-nigh impossible.

Digital books offer hope of reducing these traditional barriers to access. But digital books will only live up to that promise if readers demand it.

What to look for:

Can authors and publishers easily dedicate their books to the public domain or Creative Commons or other flexible licensing schemes?

Rights-holders should be able to dedicate their books to the public domain and/or have the option to license the books via a Creative Commons ("CC") license or similar flexible licensing model. For example, after pressure from academic authors and others, Google and the Authors Guild announced that authors and publishers of books included in Google Books would be able to dedicate their books to the public domain or have the option to use a CC-license. For many rights-holders, promoting access and re-use of a work via a free CC license may be more valuable than charging readers. But in order for authors and rights-holders to make this choice, technology companies have to design their systems to accommodate and support public domain and CC license options.

Can you trust your "digital librarian" to enable access to as many works as possible?

Traditional libraries frown on limiting access to books unnecessarily. The proposed Google Book Search service reserves to Google the right to exclude any book "for editorial reasons." If, as is possible, Google becomes the only viable source for digital orphan works, this means that Google will have extraordinary influence over public access to those works.

Is it available to people without money, as public libraries are?

Digital book providers should ensure that readers in resource-poor areas have options for engaging with new digital resources. For example, Google has, as part of its proposed Google Book Search settlement with authors and publishers, proposed offering a free public access terminal for the Google Books collection to every public library in America.

Is it cost-effective for people of limited means?

The vast majority of global readers will never be able to afford the $300 Kindle 2. The best way to bring down costs is to foster vibrant, free-market competition in these technologies. This is one reason we should fear DRM for books; to the extent it impedes reverse engineering and interoperability (either by code or by contract), it is also likely to impede innovation and competition. (See below for a more detailed discussion of this.)

Is it available to people with disabilities?

Booksellers, publishers, and authors must work together to enable accessibility features so that people with print disabilities can enjoy the vastly expanded world of books on the same terms as the rest of us.19 Already, several leading e-book purveyors have taken steps to foster accessibility for digital books.20 Other vendors, such as Amazon, have limited their accessibility features, bowing to pressure from misguided copyright owners.

Physical book publishing has traditionally been a reasonably competitive industry, to the benefit of readers.21 The publishing industry has consolidated in recent years, but there are still numerous academic, small, and specialty presses that help make sure readers will have access to multiple genres of books, at multiple price points. New technologies have made publishing cheaper and easier and, of course, we have recently seen disruptive innovation in the form of online book sales. We have also seen the continuing vitality of the used book market (including online markets). In short, competition and innovation has helped make physical books more accessible to more people, and help ensure that readers will have access to a wide range of voices and subjects.

If digital book publishing, selling, and sharing is to reach its full potential, we need the same robust competition and support for innovation. Competition will help ensure that readers continue to have options, such as the option to own DRM-free books, and should also help lower the price of digital books over time. Innovation is also likely to lead to both lower prices and, perhaps more importantly, new technologies that will continue to transform how we read and access books.

One key issue will be DRM. DRM can be used to lock readers into a vendor's format. Creating a barrier to entry and competition in the e-book reader market. In essence, device makers can hold their customers' book collections hostage to prevent those customers from switching to better (cheaper, easier to use, with more features) alternatives. DRM can also be used to limit innovation. In the DVD space, for example, DRM systems like the Content Scramble System (CSS) have become the legal "hook" that forces technology companies to enter into license agreements before they build products that can play movies.22 Those license agreements, in turn, define what the devices can and can't do, thereby protecting Hollywood business models from disruptive innovation. It would be a shame to see the same occur for digital books.

But DRM isn't the only issue. One of the reasons so many are concerned about the proposed Google Book Search Settlement is that it gives two entities — Google and a not-for-profit licensing entity called the Book Rights Registry ("BRR") — enormous power to shape innovation with respect to orphan works (i.e., books whose copyright owners cannot be easily found). For example, as James Grimmelman explains, under the terms of the settlement, the BRR is authorized to negotiate on behalf of all authors and publishers with respect to the millions of books covered by the settlement. Thus "[i]t could agree with Google on a privacy-intrusive DRM system that fed back usage information into a database used to do industry-wide price-fixing in the guise of price discrimination."23

What to look for:

Can books from this source be read on a variety of readers or formats? Conversely, can you read or access books from a variety of sources?

A digital Library of Alexandria won't do most people much good if they cannot read the books they find on devices they already have and/or devices that can be inexpensively purchased. It will be still less valuable if they can't share their discoveries with friends who may have different kinds of devices, or transfer their books to the laptop they already have. And it will be downright harmful if the Library builders could use it as a tool to force readers to buy (and upgrade, ad infinitum) a particular proprietary technology. If we want the reader experience with digital books to be as good (or better) than with paper books, we'll need flexible, interoperable formats and devices.

For example, one fundamental problem in the fledgling digital books market is that a major e-book reader vendor, Amazon, uses DRM and other techniques to lock readers into their libraries. That means Kindle owners can only read Kindle files and PDFs, and they can't transfer those libraries to a non-Kindle reader.24 What if you could lose your entire music collection as a result of upgrading your sound system?

There are alternatives. EPUB, a free open standard supported by a range of reading devices, allows readers to move their digital books across platforms rather than being locked into one particular device.25 Many providers that use EPUB deploy DRM in other ways, but at least their customers have a broader array of options.26

Can features be easily added or modified by users or third parties or must features be pre-approved by the provider?

As noted above, the DRM and contracts that accompany leading e-book readers and licensed content inhibit follow-on innovation. For example, the Kindle Terms and Conditions require that customers not "encourage, assist or authorize any other person to, modify, reverse engineer, decompile or disassemble the Device or the Software, whether in whole or in part, create any derivative works from or of the Software, or bypass, modify, defeat or tamper with or circumvent any of the functions or protections of the Device or Software or any mechanisms operatively linked to the Software . . . ." In other words, no tinkering with or improving your device! Innovators will be reluctant to experiment with these products if they could face lawsuits for their trouble.

Does the provider depend on and/or promote agreements that limit competition?

With respect to devices, consider whether your provider has made long-term exclusive deals with major publishers that hinder competition and innovation. After all, you can't vote with your wallet if you don't have a range of options to vote for.

IV. Conclusion

The future of digital books must not be shaped solely by authors, publishers, booksellers or even librarians. Readers can and should play an active role in realizing the extraordinary potential of digital books — but only if we stay informed, ask questions, and demand that providers respect the rights and expectations that have been developed and defended for physical books. We hope readers will use this checklist to do just that.

4. Google already does this for other sensitive user information. Its Google Health service which allows a user to organize and store health information, stores use information, such as number of log-ins, for only two weeks, and does not correlate that information with other Google services information. See Google Health Privacy Policy, available at http://www.google.com/intl/en-US/health/privacy.html (last accessed Apr. 28, 2009). Similarly, Google builds privacy protections for users into Google Latitude, a cell phone service that finds the location of friends, by overwriting historical data. See Google Mobile Help, Privacy: Location History, available at http://www.google.com/support/mobile/bin/answer.py?hl=en&answer=136652 (last accessed Apr. 28, 2009). Like medical records and location tracking, book records paint a revealing and intimate portrait of the reader; book records should be comparably well-protected.

23. James Grimmelmann, "Principles and Recommendations for the Google Book Search Settlement," THE LABORATORIUM, Nov. 8, 2008, http://www.laboratorium.net/archive/2008/11/08/principles_and_recommendations_for_the_google_book.